PBKDF2 is a secure password hashing algorithm that uses the technique of "key strengthening" to make the complexity of a brute-force attack arbitrarily high. It is built on another cryptographic hash or cipher (by convention usually HMAC-SHA1, but Crypt::PBKDF2 is fully pluggable) and allows an arbitrary number of iterations of the hashing function and a nearly unlimited output hash size (up to 2**32 - 1 times the size of the output of the backend hash). The hash is salted, as any password hash should be, and the salt may also be of arbitrary size.

The name of the default class that will provide PBKDF2's Pseudo-Random Function (the backend hash). If the value starts with a +, the + will be removed and the remainder will be taken as a fully-qualified package name. Otherwise, the value will be appended to Crypt::PBKDF2::Hash::.

The default size (in bytes, not bits) of the output hash. If a value isn't provided, the output size depends on the hash_class / hasher selected, and will equal the output size of the backend hash (e.g. 20 bytes for HMACSHA1).

The maximum password length to allow, for generate and verify functions. Accepting passwords of unlimited length can enable a denial-of-service attack in which an attacker asks the server to validate very large passwords.

For compatibility this attribute is unset by default, but it is recommended to set it to a reasonably small value like 100 -- large enough that users aren't discouraged from having secure passwords, but small enough to limit the computation needed to validate any one password.

Validates whether the password $password matches the hash string $hashed. May throw an exception if the format of $hashed is invalid; otherwise, returns true or false. Accepts both formats that the "generate" method can produce.
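The length limit and the exception behaviour of validation described above can be combined in one fail-closed wrapper. This is an added example, not code from the Crypt::PBKDF2 distribution; `check_password` is a hypothetical helper, and the iteration count, salt length and SHA-512 backend are illustrative assumptions.

```perl
use strict;
use warnings;
use Crypt::PBKDF2;

# Illustrative parameters (assumptions for this example); length_limit
# follows the "reasonably small value like 100" suggested above.
my $pbkdf2 = Crypt::PBKDF2->new(
    hash_class   => 'HMACSHA2',             # appended to Crypt::PBKDF2::Hash::
    hash_args    => { sha_size => 512 },
    iterations   => 100_000,
    salt_len     => 16,
    length_limit => 100,
);

# check_password() is a hypothetical helper for this example.
# Returns 1 only on a confirmed match; a mismatch, a malformed stored
# hash, or an over-length candidate all come back as 0.
sub check_password {
    my ($stored_hash, $candidate) = @_;
    return 0 unless defined $stored_hash && defined $candidate;

    my $ok;
    my $lived = eval { $ok = $pbkdf2->validate($stored_hash, $candidate); 1 };
    unless ($lived) {
        # Log the reason, never the candidate password itself.
        warn "password check refused: $@";
        return 0;
    }
    return $ok ? 1 : 0;
}

# Constructed sample inputs.
my $stored = $pbkdf2->generate('correct horse battery staple');

my @cases = (
    [ 'correct password',      $stored,             'correct horse battery staple' ],
    [ 'wrong password',        $stored,             'wrong guess' ],
    [ 'over length_limit',     $stored,             'A' x 1_000_000 ],
    [ 'malformed stored hash', 'not-a-pbkdf2-hash', 'anything' ],
);

for my $case (@cases) {
    my ($label, $hash, $candidate) = @$case;
    printf "%-22s => %s\n", $label,
        check_password($hash, $candidate) ? 'accepted' : 'rejected';
}
```

The wrapper treats an exception and a false return the same way, so the caller never has to distinguish a bad stored hash from a bad password in the authentication path.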